There’s a problem with the pets vs cattle analogy that’s come into common use around Linux container systems such as Docker. The analogy breaks down as soon as you start thinking about emotionlessly killing off your containers, a key concept that this analogy is meant to explain.
Say what you like about factory farming and slaughterhouses, they serve the market majority's omnivore demand for beef products. The thing is, there is no analogous benefit from killing off a Linux container. It's just gone, leaving no economically useful product behind.
A Better Analogy
I believe part of the reason for the success of this analogy is that the “pets” part is spot-on; we needn’t mess with it.
What do we replace “cattle” with, then? I propose “circus animals.”
Just as with the VMs vs containers dichotomy, humans keep pets and circus animals for overlapping reasons: enjoyment and entertainment. The differences come with how the two classes of animals are kept, the exact purposes to which they’re put, and — key to this article’s point — how their life cycles differ.
Circus animals are…
…kept in cages to allow the punters to interact with them without risk of injury, and without allowing the animal to escape and cause havoc.
…sourced from exotic locales and may thus carry strange diseases that the local veterinarians don’t know how to cope with.
…prone to short lifetimes, thus subject to being taken out back of the tent at night and shot when no longer economically viable.
…interchangeable: when the leopard must be put down, another leopard is found and put into the same cage, with the same nameplate.
…trained to perform clever feats on demand in front of persnickety audiences.
Each boldfaced word above shows the aptness of this new analogy:
| Term | Translation |
|---|---|
| animal, leopard | public-facing attraction |
| audience | live customer base |
| cage | container |
| demand | orchestrated microservices |
| diseases | malware |
| escape | sandbox security violation |
| exotic locale | external image repo |
| feats | single-purpose containers |
| found | spawned by the orchestrator |
| havoc | spread malware, exfil secrets |
| injury | security exploit |
| interchangeable | immutable base layer |
| nameplate | public proxied domain name |
| punter | monetizable active visitor |
| short lifetime | ephemeral infrastructure |
| shot | docker container kill |
| tent | server farm |
| training | painstaking image development |
| veterinarians | devops dudes, sysadmins |
License
This work is © 2022-2024 by Warren Young and is licensed under CC BY-NC-SA 4.0
